Wireshark-dev: Re: [Wireshark-dev] SRTP dissection

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Wed, 21 Jun 2006 19:40:27 +0200 (CEST)

Hi,

Sounds good to me. Keep in mind that key exchange is out of band so it has
to be a flexible interface to get that info into the dissector.

Thanx,
Jaap

On Wed, 21 Jun 2006, Neil Piercy wrote:

> I've started looking at adding SRTP dissection to Wireshark - anyone
> else already doing this?
>
> The way I'm heading at present is to add it on the side of RTP/RTCP
> dissection (in the same files) as it really modifies the payload only,
> and has no signalling of its presence in the header (only out of band
> signalling such as MGCP, and it needs the same hooks into other
> protocols such as MGCP to do this as RTP does).
>
> I'm planning on doing phases:-
>
> a) ensure RTP doesn't try to pass on the encrypted payload to the payload
> dissectors, and RTCP doesn't try to dissect it (pretty easy & almost done)
>
> b) add auth support (slightly harder, but not much)
>
> c) add decryption support if the key exchange is captured by e.g. SDP or
> via a user preference (like SSL support for this)
>
> d) add signalling support to any protocols which support SRTP key exchange
>
> Anyone got any strong opinions on whether this is a good or bad design
> way to go?
>
> Neil
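
An added example, not part of the thread and not Wireshark code, of what phases (a) and (b) involve: the RTP header stays in the clear, and the tag length, key and rollover counter all have to be supplied out of band. It assumes the RFC 3711 default transform (HMAC-SHA1, 80-bit tag), no MKI field, and a session authentication key handed in directly (key derivation is omitted); all function names are hypothetical.

```python
import hashlib
import hmac
import struct
from typing import NamedTuple

class SrtpParts(NamedTuple):
    header: bytes      # cleartext RTP header (fixed part, CSRCs, extension)
    ciphertext: bytes  # encrypted payload; must not reach payload dissectors
    tag: bytes         # trailing authentication tag

def rtp_header_len(pkt: bytes) -> int:
    """Length of the RTP header, which SRTP leaves unencrypted."""
    if len(pkt) < 12 or pkt[0] >> 6 != 2:
        raise ValueError("not an RTP version 2 packet")
    n = 12 + 4 * (pkt[0] & 0x0F)               # fixed header + CSRC list
    if pkt[0] & 0x10:                           # X bit: header extension
        if len(pkt) < n + 4:
            raise ValueError("truncated header extension")
        n += 4 + 4 * struct.unpack_from("!H", pkt, n + 2)[0]
    if n > len(pkt):
        raise ValueError("truncated RTP header")
    return n

def split_srtp(pkt: bytes, tag_len: int) -> SrtpParts:
    """tag_len is not in the packet; it comes from signalling or a preference."""
    hlen = rtp_header_len(pkt)
    if tag_len <= 0 or len(pkt) < hlen + tag_len:
        raise ValueError("packet too short for header plus tag")
    end = len(pkt) - tag_len
    return SrtpParts(pkt[:hlen], pkt[hlen:end], pkt[end:])

def srtp_mac(authenticated: bytes, auth_key: bytes, roc: int, tag_len: int) -> bytes:
    # RFC 3711: the MAC covers header + encrypted payload, then the 32-bit ROC
    msg = authenticated + struct.pack("!I", roc)
    return hmac.new(auth_key, msg, hashlib.sha1).digest()[:tag_len]

def verify_tag(pkt: bytes, auth_key: bytes, roc: int, tag_len: int = 10) -> bool:
    parts = split_srtp(pkt, tag_len)
    expected = srtp_mac(parts.header + parts.ciphertext, auth_key, roc, tag_len)
    return hmac.compare_digest(expected, parts.tag)

def build_sample(auth_key: bytes, roc: int, tag_len: int = 10) -> bytes:
    """Constructed test packet: 12-byte header, 20 stand-in ciphertext bytes."""
    header = bytes([0x80, 0x00]) + struct.pack("!HII", 1, 160, 0x1234ABCD)
    body = header + bytes(range(20))
    return body + srtp_mac(body, auth_key, roc, tag_len)
```
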